Nicole Kobie's Blog

Preventing the next breach

By Nicole Kobie in Editorial

Posted in data breach, government, security on November 21, 2007 at 11:38 am


Really, it was only a matter of time. The government has had its first truly massive data breach, with Revenue and Customs losing a pair of discs in the post holding bank accounts and other personal details of 25 million people.

The private sector has had its share of such things (see: TK Maxx), so it’s no surprise the government has finally had its turn (especially after seriously tempting fate by suggesting online information security wasn’t much of a problem).
Might this finally be the event which makes them take data security seriously? And how should they go about preventing the next one?

Here’s one idea: Last week, the head of the ICO said he wanted anyone responsible for losing data in such a way – the example was a stolen laptop holding insecure personal data – to be criminally responsible (we’re talking fines, not jail time).

Yes, please.
The HMRC had guidelines in place. It had data security. It had traceable, secure ways of sending packages. It also had stupid employees – as is usual, we humans are the weak link. Let’s try to deal with that.

Here’s another idea: People have recently been calling for data breach legislation, in order to ensure we’re told about such errors.

Again, yes please.

The government held off for ten days before alerting us little people about the breach, because they wanted to give banks time to prepare. Wouldn’t it be nice if they HAD to tell us? I get that they need to manage information so as not to create panic, but this breach happened in mid October…

And one last thought: The government should stop with the databases until they learn how to be competent. (I realise this might be 4.97 billion years in coming.) The possibilities for the next data breach – because there will be another – are endless, especially with the joining up of databases for the identity card scheme. If the government wants to be trusted to run a database of that scale, they should sort out how they handle the ones they’ve got – like how parents make kids prove they can care for a goldfish before getting them a puppy.

Indeed, this is my biggest complaint about the ID card plans. I don’t trust the UK government – but it’s not because I think they’re evil or conniving so much as just incompetent.
But what do you think? Will breaches like this continue to happen? Do you still trust the government – if you ever did? Or is this all an over-reaction over a silly mistake by an entry-level paper pusher forgetting to tick the right box on a courier form? Thoughts in comments below…


 

Manage people, not web use

By Nicole Kobie in Editorial

Posted in management, internet, social networking on November 13, 2007 at 2:51 pm


Some managers just don’t know what to do with the internet, or their people.

Along with many ways to be more efficient, the web brought with it a lot of ways to kill time: Facebook. Personal email. LOLcats. Reading blogs (slacker!).

Good companies choose to manage their people without contacting the IT department, and only come down hard on such time-wasters if the employee in question isn’t doing enough work. Fair enough.

But others just ban everything.

A friend of mine – and I do actually mean someone other than me, as our publishers aren’t even remotely this silly – works for such a place.

Despite the employees being generally completely run off their feet, working long hours for low pay, and still getting the job done, this company has felt the need to ban all personal use of the internet.

If you want to Facebook, do your banking online, book a train ticket, or send a quick email to your mom, you can do it on your lunch hour – from one shared machine, not the one on your desk.

Employees there – my friend included – are frustrated, and morale is low. They think their boss is an ass.

Talk about poor management. Only a really crap manager, with no web-savvy, no trust in their employees and no clue about their work levels, would do such a thing.

If people need a break from work, they should be allowed to take it. Why is it okay (well, not so much these days) to take a five-minute cigarette break out by the back doors, but not okay to take a five-minute Scrabulous break at your desk?

Sometimes workers – especially those stuck in front of a monitor thinking all day – need to shut off for a few minutes, or just get a chore (like banking) done, before getting back to work.

Managers need to manage people, not their web permissions.

And with that said, time for a turn on Scrabulous… but first: has your employer ever tried to ban online access? And what’d you do about it? Let us know in the comments!
